Published on August 18th, 2012 | by Mithil Bhatia
pod2g Discovered SMS Spoofing Vulnerability in iOS: Never trust SMS!
A French hacker and iOS security researcher, well known by the handle pod2g, has exposed a severe problem that could allow scammers to spoof text messages so that they appear to come from trusted sources. The flaw has been in iOS since its introduction and is still present in iOS 6 beta 4.
pod2g explains the flaw in his blog post, “Never trust SMS: iOS text spoofing”:
“PDU is a protocol that is pretty dense, allowing different types of messages to be emitted. Some examples: SMS, Flash SMS, Voice mail alerts, EMS, …
In the text payload, a section called UDH (User Data Header) is optional but defines a lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one. …
In a good implementation of this feature, the receiver would see the original phone number and the reply-to one. On iPhone, when you see the message, it seems to come from the reply-to number, and you lose track of the origin. …”
In theory, here’s how SMS works on iOS: each message is sent using a protocol called PDU (Protocol Description Unit). The text payload has an optional section called UDH (User Data Header) that contains information about the sender of the SMS. This information, which is handled directly by the mobile operating system, includes the sender’s phone number, along with another field that lets you insert an additional number to be used as a kind of “reply-to” address for the SMS.
If this additional number is set, the recipient’s reply goes to the number specified in the UDH instead of the original number. The exploit is only possible if the recipient’s mobile supports this feature, and the iPhone does!
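As an added illustration (not code from pod2g's post or from iOS), the Python sketch below parses a received SMS-DELIVER TPDU, reads both the originating address and any Reply Address element in the UDH (IEI 0x22 in 3GPP TS 23.040), and renders both, which is the "good implementation" behaviour described in the quote. The sample TPDUs and phone numbers are constructed, the function names are hypothetical, only numeric addresses are handled, and the SMSC prefix is assumed to be already stripped.

```python
REPLY_ADDRESS_IEI = 0x22  # Reply Address Element, 3GPP TS 23.040 sec. 9.2.3.24

def decode_address(field):
    """Decode a numeric address field: digit count, type-of-address, swapped BCD."""
    if len(field) < 2:
        raise ValueError("truncated address field")
    ndigits, toa = field[0], field[1]
    raw = field[2:2 + (ndigits + 1) // 2]
    if len(raw) != (ndigits + 1) // 2:
        raise ValueError("truncated address field")
    digits = "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in raw)[:ndigits]
    return ("+" if (toa >> 4) & 0x7 == 1 else "") + digits  # 001 = international

def inspect_deliver(tpdu_hex):
    """Return (originating_address, reply_address or None) for an SMS-DELIVER TPDU."""
    buf = bytes.fromhex(tpdu_hex)
    if len(buf) < 3 or buf[0] & 0x03 != 0x00:   # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER TPDU")
    sender = decode_address(buf[1:])            # TP-OA, the real origin
    pos = 3 + (buf[1] + 1) // 2                 # first octet + TP-OA
    pos += 1 + 1 + 7 + 1                        # skip TP-PID, TP-DCS, TP-SCTS, TP-UDL
    reply = None
    if buf[0] & 0x40:                           # TP-UDHI: user data begins with a UDH
        if pos >= len(buf) or pos + 1 + buf[pos] > len(buf):
            raise ValueError("truncated user data header")
        ie, end = pos + 1, pos + 1 + buf[pos]   # buf[pos] is UDHL
        while ie + 2 <= end:                    # walk the information elements
            iei, iedl = buf[ie], buf[ie + 1]
            if ie + 2 + iedl > end:
                raise ValueError("information element overruns the UDH")
            if iei == REPLY_ADDRESS_IEI:
                reply = decode_address(buf[ie + 2:ie + 2 + iedl])
            ie += 2 + iedl
    return sender, reply

def display_line(tpdu_hex):
    """Always show the origin; show the reply-to number as secondary information."""
    sender, reply = inspect_deliver(tpdu_hex)
    if reply and reply != sender:
        return f"From {sender} (replies will go to {reply})"
    return f"From {sender}"

# Constructed samples (fictional 555-01xx numbers): one with a Reply Address, one without.
WITH_REPLY_ADDR = "440B915155550521F3" "0004" "21808121000000" "0D" "0A22080B915155550591F9" "6869"
PLAIN = "040B915155550521F3" "0004" "21808121000000" "02" "6869"

if __name__ == "__main__":
    print(display_line(WITH_REPLY_ADDR))
    print(display_line(PLAIN))
```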
pod2g has also highlighted a few ways in which exploiters could take advantage of this flaw:
- pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
- one could send a spoofed message to your device and use it as false evidence.
- anything you can imagine that could be used to manipulate people, letting them trust that somebody or some organization texted them.
Additionally, tools that make it easy to use such SMS loopholes through a very simple procedure are already available, and pod2g is in the process of publishing one. pod2g has urged Apple to fix this issue before the public release of iOS 6 in the middle of next month. Security has not been Apple’s strong point in recent times, and pod2g’s disclosure of the SMS spoofing vulnerability in iOS SMS handling has added to Apple’s difficulties.